No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and the regulations promulgated thereunder (collectively “HIPAA”) is a...more
In this Key Discovery Points video, Brett Burney of Nextpoint and Doug Austin of eDiscovery Today unpack a court’s bold move in the Meta Pixel healthcare case – ordering the production of third-party cookie data tied to...more
Ontario’s Information and Privacy Commissioner (IPC) has released a new Privacy Management Handbook (Handbook) aimed at assisting small healthcare organizations to meet their privacy obligations under Ontario’s health...more
On June 6, 2025, the United States District Court for the Northern District of California dismissed a number of claims being brought against Google related to its alleged improper collection of health-related data though...more
Employers' access to, and retention of, employee medical information can be fraught with legal risk. Even the most seasoned HR professionals have trouble navigating the complex rules and regulations governing employee medical...more
Last year, the federal Office for Civil Rights (OCR) modified the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to strengthen protections for reproductive health care information (the “2024 Rule”)....more
The U.S. District Court for the Northern District of Texas on June 18, 2025, issued an order vacating the HIPAA Privacy Rule to Support Reproductive Health Care Privacy, published on April 26, 2024, which amended the Health...more
On April 17, 2025, the Connecticut Office of the Attorney General (“OAG”) released an Updated Enforcement Report Pursuant to the Connecticut Data Privacy Act (“Report”). The Report, the second issued by OAG (read our...more
Artificial intelligence (AI) is rapidly reshaping the digital health sector, driving advances in patient engagement, diagnostics, and operational efficiency. However, for Privacy Officers, AI’s integration into digital health...more
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more
Recently we had a client pose an interesting question about providing accommodations to disabled temporary workers. A temp agency referred a worker to its client, but advised the client that the worker had requested certain...more
On March 15, Kentucky passed HB 473 (the “bill”), which amends the Kentucky Consumer Data Protection Act (the “Act”), whose passage was previously covered by InfoBytes and goes into effect on January 1, 2026. The bill creates...more
An insured who purchased insurance specifically for privacy injury liability was recently forced to sue its insurer after it denied coverage. The insured allegedly “installed web beacons and cookies on its platforms so that...more
A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more
The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to protect patient information stored or transmitted electronically, including...more
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more
On January 20, the US Department of Homeland Security (DHS) rescinded 2021 guidelines that previously designated hospitals, clinics, and other health care facilities as “protected areas” and limited immigration enforcement...more
New York lawmakers recently passed a wide-ranging health information privacy bill that would require entities to obtain consent to collect, use, or sell an individual’s health information except for designated purposes. ...more
The New York State legislature passed the Health Information Privacy Act (“NYHIPA”) on January 22, 2025, marking the second state to introduce a comprehensive consumer health data law. If passed, the NYHIPA imposes more...more
If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...more
An online retailer was recently hit with the first class action under Washington’s consumer health data privacy law alleging that it used advertising software attached to certain third-party mobile phone apps to unlawfully...more
The first class action complaint was filed under Washington’s My Health My Data Act (“MHMDA”) on February 10, 2025, more than a year after the law’s passage. When the law passed in April 2023, MHMDA was novel for its broad...more
Illinois’s Biometric Information Privacy Act (BIPA) continues to drive a wave of privacy-related litigation across the United States, though a 2024 amendment to the act—the first since BIPA’s enactment in 2008—may slow the...more
Earlier this year, the New York legislature passed the New York Health Information Privacy Act (New York HIPA), establishing strict requirements for handling health data. The legislation shares similarities with Washington’s...more